Posted
by
Soulskill
on Saturday January 10, 2009 @01:22PM
from the taking-a-stand-against-e-loitering dept.

caffeinemessiah writes "In the wake of the recent terrorist attacks in Mumbai, India, the local police are going to be sniffing out unsecured wi-fi access points and ordering the owners to secure them. The article notes that 'terror mails were sent through unsecured Wi-Fi connections' before bomb blasts in other Indian cities. No word on if they'll be walking around using Kismet, or if people who use pathetically weak WEP encryption will be ordered to switch to more advanced protocols. Unfortunately, a gesture like this does not take into account the insidious scenario of walking into a cafe, buying a coffee and then (legally) using the cafe's wi-fi. Or the fact that terrorists might actually be able to pay to use a cybercafe, and know what VPNs are."
On the other hand, the Mumbai police may still be keeping track of the mandatory keyloggers that went into the area's cybercafes in 2007.

I honestly don't know. If this were in effect before the attack, what difference would it have made? I can't help but think "not a heck of a lot". Terror has a way of routing itself around obstacles. While it's good to have a secure network, should it be mandated?

Is a network "unsecure" if you intentionally keep it open? Does this outlaw sharing access then?

Unless i'm at university I always leave my network unsecured. My neighbors use it on occasion (i check logs). And I use theirs on occasion, with us being on separate ISPs we get at least 5 9s of uptime. It frustrates me that secured is become standard or in this case enforced. It was much better a few years ago when i could get wireless access in most places to check emails and such. Why do have to have such a community of locked doors? If someone has a laptop they likely have their own wireless internet which you could use, it is a perfectly fair deal. If my neighbours did a few gigs a day i'd stop it but it never went over a few megs.Standard security should not allow access to lan. It should be allowed to set limits for outsiders and should have a message redirect when you first open FF/IE/Opera saying the rules and so forth. Thats it. Making sharing and redundancy illegal is ridiculous and as the summary suggests it doesn't help anything.

You can't just walk into a cafe in Mumbai and use the wifi. You have to show a government ID (such as a passport), which is recorded, before you even get access credentials.

Exact. And since terrorists would NEVER steal a passport, it means that this will keep the children safe, and not at all only serve to mess with regular citizens while being a mere inconvenience for true criminal intents.

Newsflash: Mumbai has 17 MILLION people. Granted at most 500,000 have computers.

But still the level of computer literacy in Mumbai in police force is complete joke. Hey, their government offices don't even have computers.

I think the most ridiculous thing is that there's countless MILLIONS starving on the streets and now they are going to equip police with laptops to chase after unprotected WiFi signals?

Didn't they get the memo a few months ago that even WPA2 was cracked with Nvidia CPU/GPUs?

What are they going to do, enforce people to implement breakable security? Where's the sense in that.

Indian stock market is down over 60%, I think the police should be focusing their efforts on preventing civil unrest. And government spending their money far more wisely. People are starving everywhere you look in Mumbai, not to say the same thing in just about every other Indian city.

Please explain, in a way that those of us who aren't completely wrapped in tin-foil from head to toe, can understand.

Well, an unsecured point means big brother can't track who exactly is using it -- relatively anonymous. Since 9/11, big brother (in many countries) has become obsessed with tracking everything everyone is doing under the guise of security. That kind of power can be easily abused and there are no laws preventing the abuse.

The joke of an article simply refers to "terror mails" sent before the bombings. Are they saying that the bombings were planned via email through these open APs?

If so, then I feel that the police's actions give insight as to their real drives: get a conviction, secure that pay-rise and promotion. If an AP is open it gives a pretty good defence to the owner, but if it is secure then that defence may not fly. The police get a successful conviction, even though it might be totally the wrong person.

If you don't think that law enforcement will care more for conviction than solving a terrorist atrocity then just take a look at the Birmingham pub bombings. [wikimedia.org]

It's a usual knee jerk reaction - the police have to be seen to be doing something, but I dunno how closing of open APs will stop terrorist actions. Generally, if you want to stop terrorism you need to stop pissing off the people bombing you.

Your kidding right? The whole point and stated goal of mandating secure wifi is to stop anonymous communication. Did you not read the article? This isn't a case of the government claiming to do something different. This is a case of the government saying "we need to be able to keep eye on everyone." Did you read something else into the plan to require secured wifi?

They want ppl to feel like they are doing something to help the nation. It is no different than when W has been saying that American airports, ports and harbors are secure. They are not. It is more work, but it is still possible to smuggle weapons on-board aircraft (in fact, far too easy). The same is true of Mumbai. Assume that these guys want to attack again. So what? They simply rig an encrypted wifi close by and then use it for themselves. VERY easy to do. In fact, they can even set up some systems where they are 5KM away and use an antenna to beam to the top of the hotel. From there, plug in various antenna's just prior to the attack. It is that simple.

I have a job that sometimes involves talking about security in some general terms.

One thing I always say (and I'm not very popular for saying it) is that most security -- information or otherwise -- is more about the job security of the person in charge of the security. He has to keep doing *something*. As long as no bad stuff happens, he gets to say "see, we did all of this, so nothing happened". If something bad happens, he says "look we did **ALL** of this, and still something happened; how could I have prevented it/foreseen it?", possibly followed by "clearly I need more budget!" if he's sure he can get out of that job before the next attack of any kind.

Anyway, this wifi thing is bullshit. It's a just a stupid show of strength by the terrorists ("look we can get into your network"), even if a 14-year old with Kismet can do the same. And the idiot cops are falling for it. What difference does it make who sends what email, when you know where the bullets and the bombs are coming from?

You wouldn't believe how that fellow who "hacked" Heywood got talked up about -- how and where he learned hacking, who taught him, the "ethical hacking" school he enrolled in (the Ankit Faudia type stuff) -- you'd think the guy was Mitnick or something, the way the local lay media went on.

The transcripts of the sodding terrorist cellphone calls are available online and on the news and *what* different did that make?

So, how often is this supposed sweep going to take place? If you'd been to Mumbai you'd be laughing till your sides ache. Any sort of WiFi is very low on the list of things most of the people about, this is a place where people live next to open sewers and shit into newspaper and leave it on the pavement - and not just in some ghettoised area. You have to watch where you tread for most of your day.

Where I'm living atm. (Goa) we're supposed to be on high terror alert. So it now costs Rs. 100 ($1) to cross the checkpoints unsearched instead of the normal Rs. 10. They claim pride in no terror attacks yet there are rapes every few days and unnaturally caused dead bodies found regularly. The driving test is driving 20 yards, going round a traffic island and coming back. Btw. if you do get raped here you will be told it is your own fault and the best thing you can do is to go back to where you came from (if you can find a police station that will listen to your story).

The biggest threat to your safety here as a local are the govt. officials. They are likely to be known murderers or their children can rape and murder with almost impunity a couple of times.

India likes to project an image of a wonderful progressive country but it will remain mostly a third world corruption riddled shit hole for my lifetime. Esp. as the GDP growth is about to end and they already spend minimal amounts on the welfare of the people (less than 2% of GDP on healthcare) 25% of whom are illiterate.